| OLD | NEW |
|---|
| 1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2006-2009 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file includes code GetDefaultCertNickname(), derived from | 5 // This file includes code GetDefaultCertNickname(), derived from |
| 6 // nsNSSCertificate::defaultServerNickName() | 6 // nsNSSCertificate::defaultServerNickName() |
| 7 // in mozilla/security/manager/ssl/src/nsNSSCertificate.cpp | 7 // in mozilla/security/manager/ssl/src/nsNSSCertificate.cpp |
| 8 // and SSLClientSocketNSS::DoVerifyCertComplete() derived from | 8 // and SSLClientSocketNSS::DoVerifyCertComplete() derived from |
| 9 // AuthCertificateCallback() in | 9 // AuthCertificateCallback() in |
| 10 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 10 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
| (...skipping 344 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 355 #else | 355 #else |
| 356 #error "You need to install NSS-3.12 or later to build chromium" | 356 #error "You need to install NSS-3.12 or later to build chromium" |
| 357 #endif | 357 #endif |
| 358 | 358 |
| 359 #ifdef SSL_ENABLE_DEFLATE | 359 #ifdef SSL_ENABLE_DEFLATE |
| 360 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_DEFLATE, PR_TRUE); | 360 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_DEFLATE, PR_TRUE); |
| 361 if (rv != SECSuccess) | 361 if (rv != SECSuccess) |
| 362 LOG(INFO) << "SSL_ENABLE_DEFLATE failed. Old system nss?"; | 362 LOG(INFO) << "SSL_ENABLE_DEFLATE failed. Old system nss?"; |
| 363 #endif | 363 #endif |
| 364 | 364 |
| 365 #ifdef SSL_NEXT_PROTO_NEGOTIATED |
| 366 if (!ssl_config_.next_protos.empty()) { |
| 367 rv = SSL_SetNextProtoNego( |
| 368 nss_fd_, |
| 369 reinterpret_cast<const unsigned char *>(ssl_config_.next_protos.data()), |
| 370 ssl_config_.next_protos.size()); |
| 371 if (rv != SECSuccess) |
| 372 LOG(INFO) << "SSL_SetNextProtoNego failed."; |
| 373 } |
| 374 #endif |
| 375 |
| 365 rv = SSL_OptionSet(nss_fd_, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE); | 376 rv = SSL_OptionSet(nss_fd_, SSL_HANDSHAKE_AS_CLIENT, PR_TRUE); |
| 366 if (rv != SECSuccess) | 377 if (rv != SECSuccess) |
| 367 return ERR_UNEXPECTED; | 378 return ERR_UNEXPECTED; |
| 368 | 379 |
| 369 rv = SSL_AuthCertificateHook(nss_fd_, OwnAuthCertHandler, this); | 380 rv = SSL_AuthCertificateHook(nss_fd_, OwnAuthCertHandler, this); |
| 370 if (rv != SECSuccess) | 381 if (rv != SECSuccess) |
| 371 return ERR_UNEXPECTED; | 382 return ERR_UNEXPECTED; |
| 372 | 383 |
| 373 rv = SSL_GetClientAuthDataHook(nss_fd_, ClientAuthHandler, this); | 384 rv = SSL_GetClientAuthDataHook(nss_fd_, ClientAuthHandler, this); |
| 374 if (rv != SECSuccess) | 385 if (rv != SECSuccess) |
| (...skipping 173 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 548 } else { | 559 } else { |
| 549 ssl_info->security_bits = -1; | 560 ssl_info->security_bits = -1; |
| 550 LOG(DFATAL) << "SSL_GetCipherSuiteInfo returned " << PR_GetError() | 561 LOG(DFATAL) << "SSL_GetCipherSuiteInfo returned " << PR_GetError() |
| 551 << " for cipherSuite " << channel_info.cipherSuite; | 562 << " for cipherSuite " << channel_info.cipherSuite; |
| 552 } | 563 } |
| 553 UpdateServerCert(); | 564 UpdateServerCert(); |
| 554 } | 565 } |
| 555 ssl_info->cert_status = server_cert_verify_result_.cert_status; | 566 ssl_info->cert_status = server_cert_verify_result_.cert_status; |
| 556 DCHECK(server_cert_ != NULL); | 567 DCHECK(server_cert_ != NULL); |
| 557 ssl_info->cert = server_cert_; | 568 ssl_info->cert = server_cert_; |
| 569 |
| 570 #ifdef SSL_NEXT_PROTO_NEGOTIATED |
| 571 unsigned char npn_buf[255]; |
| 572 unsigned npn_len; |
| 573 int npn_status; |
| 574 SECStatus rv = SSL_GetNextProto(nss_fd_, &npn_status, npn_buf, &npn_len, |
| 575 sizeof(npn_buf)); |
| 576 if (rv != SECSuccess) { |
| 577 npn_status = SSL_NEXT_PROTO_NO_SUPPORT; |
| 578 } |
| 579 |
| 580 if (npn_status == SSL_NEXT_PROTO_NO_SUPPORT) { |
| 581 ssl_info->next_proto_status = SSLInfo::kNextProtoUnsupported; |
| 582 ssl_info->next_proto.clear(); |
| 583 } else { |
| 584 ssl_info->next_proto = |
| 585 std::string(reinterpret_cast<const char *>(npn_buf), npn_len); |
| 586 switch (npn_status) { |
| 587 case SSL_NEXT_PROTO_NEGOTIATED: |
| 588 ssl_info->next_proto_status = SSLInfo::kNextProtoNegotiated; |
| 589 break; |
| 590 case SSL_NEXT_PROTO_NO_OVERLAP: |
| 591 ssl_info->next_proto_status = SSLInfo::kNextProtoNoOverlap; |
| 592 break; |
| 593 default: |
| 594 LOG(ERROR) << "Unknown npn_status: " << npn_status; |
| 595 ssl_info->next_proto_status = SSLInfo::kNextProtoNoOverlap; |
| 596 break; |
| 597 } |
| 598 } |
| 599 #endif |
| 600 |
| 558 LeaveFunction(""); | 601 LeaveFunction(""); |
| 559 } | 602 } |
| 560 | 603 |
| 561 void SSLClientSocketNSS::GetSSLCertRequestInfo( | 604 void SSLClientSocketNSS::GetSSLCertRequestInfo( |
| 562 SSLCertRequestInfo* cert_request_info) { | 605 SSLCertRequestInfo* cert_request_info) { |
| 563 EnterFunction(""); | 606 EnterFunction(""); |
| 564 cert_request_info->host_and_port = hostname_; | 607 cert_request_info->host_and_port = hostname_; |
| 565 cert_request_info->client_certs = client_certs_; | 608 cert_request_info->client_certs = client_certs_; |
| 566 LeaveFunction(cert_request_info->client_certs.size()); | 609 LeaveFunction(cert_request_info->client_certs.size()); |
| 567 } | 610 } |
| (...skipping 568 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1136 } | 1179 } |
| 1137 PRErrorCode prerr = PR_GetError(); | 1180 PRErrorCode prerr = PR_GetError(); |
| 1138 if (prerr == PR_WOULD_BLOCK_ERROR) { | 1181 if (prerr == PR_WOULD_BLOCK_ERROR) { |
| 1139 return ERR_IO_PENDING; | 1182 return ERR_IO_PENDING; |
| 1140 } | 1183 } |
| 1141 LeaveFunction(""); | 1184 LeaveFunction(""); |
| 1142 return NetErrorFromNSPRError(prerr); | 1185 return NetErrorFromNSPRError(prerr); |
| 1143 } | 1186 } |
| 1144 | 1187 |
| 1145 } // namespace net | 1188 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 415005:
Linux: add next-protocol-negotiation to libssl. (Closed)
